Solved

Cisco 7960 VoIP behind ASA 5510 not recieving calls, but can make calls

Posted on 2010-11-15
4
1,727 Views
Last Modified: 2013-12-27
I have an interesting problem with our ASA 5510. We have a few Cisco 7960 VoIP phones which can make calls but are unable to receive calls after a few hours.

My thought was that the ASA was causing an issue with SYN/ACK messages coming from the phones and being denied due to no matching SYN and causing half open connections on the phones until the phone can no longer receive any new connections. I've seen this happen in the logs before.

this was "fixed" with:
service resetinbound interface outside
service resetinbound interface inside

However, I'm not seeing any denied SYN/ACK messages now and the phones are having this issue. The only way I know to temporarily resolve it is to re-enter the dynamic nat configuration, and then the phones begin to work again.

The phones are configured for SIP, and are using our ISPs IPBX to register.
[Phone]---->[ASA]-------->[ISP IPBX]

I've attached the ASA config. If anyone has any input on this, it will be greatly appreciated.


0
Comment
Question by:aaronhebert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Assisted Solution

by:aaronhebert
aaronhebert earned 0 total points
ID: 34143159
ran debug sip and found the following message

SIP::Unable to open pinhole for NOTIFY message from 192.168.26.20 to 192.168.26.20/50195
0
 

Expert Comment

by:kunalpatel
ID: 34212746
Dont you have to run the phone-proxy for this to work ??

Check this out

https://supportforums.cisco.com/docs/DOC-5704

Cheers

Kunal
0
 

Accepted Solution

by:
aaronhebert earned 0 total points
ID: 34317570
Found out that inspecting SIP on ASAs will cause this issue.

Resolution:
Do not inspect SIP. Perform QoS based on Expedited Forward value.

From the IP header:
Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)

This problem exists because we use multiple VoIP vendors. Linksys and Cisco. Each use their own protocols. Cisco uses RTP over UDP, and Linksys uses straight UDP without any further encapsulation. matching for QoS by DSCP field has resolved this issue.
priority-queue outside
priority-queue inside
!
class-map global-voice-class
 match dscp ef
!
policy-map global-voice-policy
 class global-voice-class
  priority
!
service-policy global-voice-policy global

Open in new window

0
 

Author Closing Comment

by:aaronhebert
ID: 34358719
issue resolved
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question